Set maximum pinning age

src/freedombone-pin-cert

@@ -35,6 +35,9 @@ export TEXTDOMAINDIR="/usr/share/locale"
 
 WEBSITES_DIRECTORY=/etc/nginx/sites-available
 
+# 90 days
+PIN_MAX_AGE=7776000
+
 function pin_all_certs {
     if [ ! -d $WEBSITES_DIRECTORY ]; then
         return
@@ -52,7 +55,7 @@ function pin_all_certs {
                     BACKUP_KEY_HASH=$(openssl rsa -in $BACKUP_KEY_FILENAME -outform der -pubout | openssl dgst -sha256 -binary | openssl enc -base64)
                     if [ ${#BACKUP_KEY_HASH} -gt 5 ]; then
 
-                        PIN_HEADER="Public-Key-Pins 'pin-sha256=\"${KEY_HASH}\"; pin-sha256=\"${BACKUP_KEY_HASH}\"; max-age=5184000; includeSubDomains';"
+                        PIN_HEADER="Public-Key-Pins 'pin-sha256=\"${KEY_HASH}\"; pin-sha256=\"${BACKUP_KEY_HASH}\"; max-age=${PIN_MAX_AGE}; includeSubDomains';"
                         sed -i "s|Public-Key-Pins.*|${PIN_HEADER}|g" $file
                         echo $"Pinned $DOMAIN_NAME with keys $KEY_HASH $BACKUP_KEY_HASH"
                     fi